vault: do not reuse TCP connections

This commit disables TCP connection reuse for Vault. Apparently, TCP connections to Vault might hang if Vault gets shutdown forcefully. The downside of this commit is that KES has to re-open a new TCP connection for every interaction with Vault. However, KES should not rach out to Vault most of them time. Hence, this change seems acceptable. Signed-off-by: Andreas Auernhammer <[email protected]>
minio · Sep 10, 2024 · 503251c · 503251c
1 parent 1da59a0
commit 503251c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/internal/keystore/vault/vault.go b/internal/keystore/vault/vault.go
@@ -108,6 +108,10 @@ func Connect(ctx context.Context, c *Config) (*Store, error) {
 	config.CloneTLSConfig = true // Required for status checks
 	config.CloneToken = true     // Required for status checks
 	config.ConfigureTLS(tlsConfig)
+	if tr, ok := config.HttpClient.Transport.(*http.Transport); ok {
+		tr.DisableKeepAlives = true
+		tr.MaxIdleConnsPerHost = -1
+	}
 	vaultClient, err := vaultapi.NewClient(config)
 	if err != nil {
 		return nil, err